SMTP Service STARTTLS Plaintext Command Injection

medium Nessus Plugin ID 52611


The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.


The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.

Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.
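The buffering behaviour behind this class of flaw can be reproduced with a small simulation. The sketch below is an added example, not code from the plugin or from any affected mail server; `CommandReader`, `flush_on_starttls` and `simulate` are hypothetical names, the input bytes are constructed, and discarding the receive buffer at the TLS boundary is shown as one way a server can close the gap.

```python
# Added illustration: a toy SMTP command reader, not code from any real MTA.
CRLF = b"\r\n"

class CommandReader:
    """Line-buffered reader that records, for each command, whether the
    server believed the channel was encrypted when it handled it."""

    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls  # hypothetical switch
        self.buf = b""
        self.tls = False
        self.handled = []     # (command, server_believes_encrypted)
        self.discarded = b""  # plaintext dropped at the TLS boundary

    def feed(self, data):
        """Append received bytes and handle every complete line."""
        self.buf += data
        while CRLF in self.buf:
            line, self.buf = self.buf.split(CRLF, 1)
            cmd = line.decode("ascii", "replace")
            self.handled.append((cmd, self.tls))
            if cmd.upper() == "STARTTLS" and not self.tls:
                if self.flush_on_starttls:
                    # Hardened: bytes read before the handshake are
                    # unauthenticated plaintext, so drop them.
                    self.discarded, self.buf = self.buf, b""
                self.tls = True  # the TLS handshake would run here


def simulate(flush_on_starttls):
    reader = CommandReader(flush_on_starttls)
    # Constructed input: one plaintext segment carrying STARTTLS plus a
    # trailing command appended by someone on the network path.
    reader.feed(b"STARTTLS\r\nNOOP\r\n")
    # Constructed input: the real client's first command inside TLS.
    reader.feed(b"EHLO client.example\r\n")
    return reader.handled, reader.discarded


if __name__ == "__main__":
    for flush in (False, True):
        handled, discarded = simulate(flush)
        print("flush" if flush else "no flush", handled, discarded)
```

Without the flush, the trailing `NOOP` is handled with the encrypted flag set even though it arrived in plaintext; with the flush, it never reaches the command handler.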


Contact the vendor to see if an update is available.

Plugin Details

Severity: Medium

ID: 52611

File Name: smtp_starttls_plaintext_injection.nasl

Version: 1.21

Type: remote

Published: 3/10/2011

Updated: 3/6/2019

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.3


Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/7/2011

Reference Information

CVE: CVE-2011-0411, CVE-2011-1430, CVE-2011-1431, CVE-2011-1432, CVE-2011-1506, CVE-2011-2165

BID: 46767

CERT: 555316